REDMOND, Wash., March 30, 2005 — When Fulton County’s network infrastructure was hit with a computer virus that caused a 48-hour outage, officials at the largest county government in the state of Georgia decided it was time to intensify network security. Several days of downed computer services in libraries, courts, public-health clinics, social-service agencies, county offices and jails in a county serving nearly 900,000 constituents, including the city of Atlanta, highlighted the need for security enhancements that would prevent further network downtime and the inefficient use of network resources.
Since deploying an early version of Microsoft Windows Server 2003 Service Pack 1 as a part of Microsoft’s Technology Adoption Program (TAP), Fulton County has seen dramatic results: Not only has Service Pack 1 helped Fulton County significantly boost network security, reliability and performance, but the security enhancements alone have allowed the county to reallocate an average of 25 percent of its IT resources to activities other than countering potential security threats.
Customers and Microsoft partners alike are enthusiastic about Windows Server 2003 Service Pack 1, a no-cost service update that became available to customers today. Service Pack 1 goes beyond the typical service-pack rollup of hot fixes, security patches and critical updates by addressing core security issues. It is designed to effectively reduce the attack surface of Windows Server 2003, protect system services with stronger default settings and reduce server privileges. Service Pack 1 includes the latest Microsoft Windows XP Service Pack 2 enhancements, adding new features that augment security, as well as increase reliability and performance.
“Businesses of all sizes have a critical need to better protect themselves from the security threats that exist today, and Windows Server 2003 Service Pack 1 includes new and enhanced technologies built specifically to help our customers up-level their security,” says Samm DiStasio, director of product management in the Windows Server division at Microsoft. “And because we’ve also built Service Pack 1with the goal of simplifying management tasks, it will help companies achieve not only greater security, reliability and performance, but improve staff efficiency in the process.”
New Security Features to Reduce Vulnerabilities
Microsoft built new security functionality into Service Pack 1 to address known security vulnerabilities and help organizations better face future threats. One of these new technologies is the Security Configuration Wizard, which reduces the attack surface by querying users about the role their servers fill, and then stopping all services and blocking ports that are not needed. This helps companies eliminate potential toeholds for hackers and malicious code.
Another new technology, Post-Setup Security Updates (PSSU), protects servers when they are most vulnerable — the time between their installation and application of the latest security updates — by blocking all inbound connections to the server until security updates have been installed.
Windows Firewall, a significant feature that Windows Server 2003 Service Pack 1 shares with Windows XP Service Pack 2, enables network-wide control through Group Policy and serves as a host firewall around each client and server computer.
Other security features in the service pack include support for no-execute hardware, which reduces the likelihood of the broadest and most exploited avenues of information attack, and Internet Information Services (IIS) 6.0 Metabase Auditing, which allows administrators to identify potential malicious users should the store become corrupted
Fulton County Realizes Security and Resource-Management Improvements
Taylor’s staff of 145 IT professionals supports 7,000 Fulton County employees in 225 buildings across the county. As a result, Taylor and his staff needed to find an efficient way to manage the network and also significantly increase network security.
Windows Server Service Pack 1 delivers three main security benefits to Fulton County’s IT department: streamlined management using the Security Configuration Wizard, increased control over file sharing, and enhanced Internet security using spyware and popup blockers.
In addition to the security benefits, Windows Server Service Pack 1 also gives the county’s IT staff the ability to more efficiently manage servers remotely. In the past, Fulton County used a third-party solution, but it was cumbersome and didn’t allow administrators to access to the server console. Service Pack 1’s Remote Administration Console provides the ability to remotely manage servers, reducing the county’s on-call technical support while increasing productivity during maintenance calls.
“The security enhancements in Windows Server 2003 Service Pack 1 all but eliminated the security threats that our department spent so much time monitoring and alleviating,” says Robert Taylor, chief information officer and director of Information Technology for Fulton County. “The value of our being able to redirect 25 percent of our staff resources averages out to approximately US$350,000 a year.”
Industry Partners Collaborate with Microsoft to Ensure Compatibility
In addition to working closely with customers, Microsoft also worked closely with its partners to develop a solid service pack and ensure the highest possible level of application and device compatibility.
The company collaborated with Intel to deliver new capabilities in the enterprise based on Windows Server 2003 Service Pack1 and Intel Xeon and Itanium 2 processors, spanning from front-end servers to scale-up platforms capable of replacing expensive proprietary RISC/UNIX systems. Key areas of joint development ranged from performance enhancements and increased reliability to security features, such as Intel’s Execute Disable Bit technology that prevents certain classes of malicious attacks and worms, and solution-level features, such as the IA-32 execution layer, which Microsoft has included in Service Pack 1 and enables IA-32 applications to run unchanged on Itanium 2-based systems.
“New technologies that add value for end users, from I/O to security to multi-core and multi-threading, are a huge area of focus and innovation for Intel, and we work very closely with Microsoft, not only in the very early stages of engineering the products and later in the testing labs, but also together with the external community of independent software vendors to bring these enhancements to market,” says Lisa Graff, general manager of the high-end server product line at Intel.
K2 Reduces System Vulnerability, Management and Administration Costs
Another participant in the Technology Adoption Program (TAP) at Microsoft, sports-equipment manufacturer K2, also tested Windows Server 2003 Service Pack 1. Because K2, which is based in Washington state, is a global company with users as far away as China and Japan, its employees access the network through a virtual private network (VPN), which is a security concern for the company. K2 hoped Service Pack 1 would help it obtain even greater compliance with security updates and increase its system reliability and productivity.
The upgrade to Windows Server 2003 Service Pack 1 was smooth, and has enabled K2 to reduce system vulnerability to viruses, worms and hacker attacks. The service pack has also added functionality that continues to reduce system management and administration costs.
“Installing Service Pack 1 was so smooth that it basically went unnoticed,” says Jonathon Addington, network administrator at K2. “We were also pleased with how the planning, migration and follow up went, and we attribute this ease largely to the professionalism and technical capabilities of Microsoft Consulting Services staff.”
Windows Server 2003 Service Pack 1 increases K2’s network security in a number of ways. Service Pack1’s Virtual Private Network (VPN) Quarantine feature provides an automatic means for K2 to limit remote network access. Additionally, the Remote Administration Console lets network administrators fix problems remotely, allowing them to successfully close more help tickets from the IT desk.
With the added functionality provided by Windows Server 2003 Service Pack 1, Addington estimates K2 will save several hundred hours each quarter as a result of decreased time spent managing servers.
“Service Pack1 is providing K2 with a ‘no-cost’ means to comply with the latest security updates and enhance the overall reliability and productivity of our Windows Server 2003 operating system,” says Addington. “We installed the service pack for the same reason we use Microsoft products in the first place — we’re confident in their software.”
Customer Feedback Incorporated Through Technology Adoption Program
K2 and Fulton County are just two of 20 Microsoft customers that participated in the Technology Adoption Program (TAP) for Windows Server 2003 Service Pack 1. TAP is designed to provide a consistent experience for customers partnering with Microsoft and collaborating on the design of upcoming products. Customers work closely with product-team engineers, providing real-world feedback on pre-release products, and at the same time receiving help in deploying their Microsoft solutions and early product education. The customers that participated in the TAP program for Service Pack 1 represent diverse business sizes, geographies and types, to ensure Microsoft incorporates feedback from a cross section of customers.
Deployment scenarios for Service Pack 1 consisted of several installation types, ranging from customers upgrading from Windows NT 4.0 to those applying Service Pack 1 to their existing Windows Server 2003 machines. To ensure feedback was collected and incorporated regularly, Microsoft assigned a TAP program manager to each customer to be its point of contact throughout the program, and each customer assigned a TAP Project Team.
Collaborating with Partners to Improve Customers’ Security and Provide Application Compatibility
Microsoft worked with a broad range of industry partners on the development of Service Pack 1 with the goal of utilizing security enhancements in hardware and providing high levels of application compatibility.
One, AMD, manufactures processors that are enabled with hardware hooks and provide enhanced virus protection when combined with Windows Server 2003 Service Pack 1.
“Security plays an incredibly important role in the everyday operations for businesses of all sizes today,” says Margaret Lewis, commercial software strategist at AMD. “We’ve developed our products to work seamlessly with Microsoft Windows service packs, so businesses using AMD hardware and Microsoft software together can have a greater sense of confidence that their data and critical programs benefit from enhanced virus protection.”
Service Pack 1 Part of the Ongoing Evolution of Windows Server
Microsoft realizes that security is a major concern for organizations of all sizes today, and remains committed to continually delivering software products with enhanced security. To take advantage of the security enhancements in Windows Server 2003 Service Pack 1, Microsoft is encouraging customers and partners to begin evaluating Service Pack 1 for near-term deployment immediately, if they haven’t already.
“The delivery of Windows Server 2003 Service Pack 1 is another milestone in our work to increase network security for our customers,” said DiStasio. “It’s important for customers and partners to begin evaluating Service Pack 1 today, and to install it as soon as possible to take advantage of the significant product enhancements.”